Re: Prosecutor cannot compel disclosure of encryption keys?

Anyone smart enough/knowledgeable enough to claim "just random data"
isn't going to be found out by "forensic investigators".

First of all, very few people are going to go to the bother of doing
everything that is necessary to foil a forensic investigator.

Agreed.

Second, your claim is by no means obvious. There are a hundred and one
ways to get tripped up in a lie; the forensic investigators only have
to find one, whereas you have to anticipate them all.

Here's another example: Suppose the investigator says "Oh, ok, you've
been using this in experiments. By the way, tell me how you use that
random data? What's the name of the program that reads in that data?
When did you use it in your experiments? Be precise."

There is no requirement that such questions be answered.
The courts have demanded suspects turn over *evidence* (e.g. DNA sample)
despite the 5th amendment. A key is evidence and might be demanded
by the court. There is no requirement to answer QUESTIONS.

Now I know what you're going to say. You're going to retort with some
method you've devised that will prevent the investigator from using the
atime, or whatever, to catch you. But that misses the point. There are
many tricks an investigator might use to try to trap you into telling a
lie that can be disproven. I have no doubts that for any trick I tell
you about, you will be able to come up with a countermeasure. But will
you be able to come up with a way that protects you from all possible
traps, without knowing in advance what tricks the investigators may use?
Especially given that you are not an expert in forensics, and it only
takes one trick to catch you? Are you absolutely certain that you know
Windows well enough to know every way that Windows might leave some trace
of what you've done in a place that a forensic investigator can find it?

Windows, no. Unix, yes.

And even if you do come up with comprehensive countermeasures, will most
folks have the discipline to follow them every single time?

Probably not. But it is possible.

Also, your emphasis on "proof" is misguided. The legal system doesn't
work by mathematical proof, or by proof of any kind. The credibility
of witnesses is assessed in a highly subjective way. And people are
surprisingly good at assessing the credibility of witnesses. It's like
the mother who asks her kid "Did you take a cookie from the cookie jar?",
the kid says "You can't prove a thing!", and the mother says "Don't lie
to me. You're grounded!" Proof is beside the point.

The issue is to prevent prosecutors from obtaining truly damaging
evidence. They *already* think the suspect is lying.

Let us say that a court demands you turn over keys despite the 5th
amendment. You can be jailed for failing to comply. So you turn over
keys that decrypt the file(s) into something relatively harmless. You
are in compliance with the order, but they do not obtain the real data.

Courts can demand that you turn over evidence, despite the 5th
amendment. But they can't force you to answer questions. So when they
demand your keys (evidence) you simply say: There are no keys
or else give them the 'decrypt to something harmless' keys.
In either case they do not get the evidence they are after.
